I want to configure Linux as a gateway (DHCP and NAT), and I would like to add 802.1x as the authentication protocol.
My question is: I remember from the past that it has a strong connection with the port (read: physical port). That is, if I have a switch connected to my FW and the first user authenticates on it, then all other users on this switch (or all traffic that comes from this port) will be authenticated. Is that true?

2 Answers

I'd have to disagree with tk.Simon; 802.1x was designed with switches in mind.

For 802.1x to work properly, you can have only one device connected to a switch port. If you need more ports, you need more switches that can be RADIUS clients; without switches that support 802.1x authentication, you can't have 802.1x in your network.

The authentication is port-based, so if you stack switches, you can set a port to not require authentication; on every switch that will be at least the uplink to the backbone/server and the links to other switches.

There were moves to introduce client-based authentication, but AFAICR no switch on the market, or only very high-end switches, supported it. It could have been deemed insecure; I can't remember the details at the moment.
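
The port-based behaviour asked about in the question, as an added example that is not part of the original posts: a small Python model of one authenticator port, comparing port-based authorization with client (per-MAC) authorization. The `AuthPort` class, the MAC addresses and the traffic are constructed for illustration and assume the RADIUS server accepts the first supplicant.

```python
from dataclasses import dataclass, field

@dataclass
class AuthPort:
    """Model of one 802.1X-controlled port on the authenticator (hypothetical class)."""
    per_client: bool = False                       # False: port-based, True: client (MAC) based
    authed: set = field(default_factory=set)       # MACs that completed authentication
    forwarded: list = field(default_factory=list)  # (mac, payload) frames let through

    def eap_success(self, mac):
        # Assumption: the RADIUS server accepted this supplicant.
        self.authed.add(mac)

    def receive(self, mac, payload):
        if self.per_client:
            allowed = mac in self.authed   # every source MAC must authenticate itself
        else:
            allowed = bool(self.authed)    # one success opens the whole port
        if allowed:
            self.forwarded.append((mac, payload))
        return allowed

    def piggybacked_macs(self):
        """Source MACs whose frames were forwarded without their own authentication."""
        return sorted({mac for mac, _ in self.forwarded} - self.authed)

# Constructed hosts: both sit behind one unmanaged switch plugged into the port.
ALICE, BOB = "02:00:00:00:00:0a", "02:00:00:00:00:0b"

def run(per_client):
    port = AuthPort(per_client=per_client)
    results = [port.receive(BOB, "before auth")]       # port still unauthorized
    port.eap_success(ALICE)                            # first user authenticates
    results.append(port.receive(ALICE, "alice data"))
    results.append(port.receive(BOB, "bob data"))      # second user never authenticates
    return results, port.piggybacked_macs()

if __name__ == "__main__":
    print("port-based  :", run(False))
    print("client-based:", run(True))
```

In the port-based run the second host's frame is forwarded and its MAC shows up in `piggybacked_macs()`, which is the same comparison a defender can make between MACs seen on an authorized port and MACs that actually authenticated.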